Restricting a User or Role's Privileges

By removing privileges, you can prevent
users and roles from performing particular tasks. You can remove privileges
from the initial inheritable set, and from the limit set. You should carefully
test removal of privileges before you distribute an initial inheritable set
or a limit set that is smaller than the default set. By removing privileges
from the initial inheritable set, you might prevent users from logging in.
When privileges are removed from the limit set, a legacy setuid program
might fail because the program requires a privilege that was removed.